Video: Why rising bitcoin prices are not all good news for ransomware writers


In the last few months, the cryptocurrency industry has exploded with investor interest appearing to be at an 
all-time high. 

The price of Bitcoin alone has surged thousands of dollars in the past few weeks, topping $16,500 at the time
of writing (https://www.coindesk.com/price/), and while some investors plead caution and anticipate a crash, the rise
has highlighted just how much interest there is in digital coins and alternative payment methods.

Over the course of the past year, traditional financial institutions have begun exploring cryptocurrency and its
backbone infrastructure, digital ledger technologies known as blockchain, with some banks going so far as to
offer their clients cryptocurrency-supporting trading accounts
(http://www.zdnet.com/article/falcon-bank-offers-clients-cryptocurrency-trades/) and options.

This month, Venezuelan President Nicolas Maduro went as far as to announce a plan to create "Petro," a
sovereign virtual currency (http://www.zdnet.com/article/venezuelas-petro-cryptocurrency-tipped-as-way-out-of-economic-crisis/)
which he claims can be used to help dig the country out of its current economic crisis.


It was back in 2014 that the abrupt closure of Bitcoin trading platform
(http://www.zdnet.com/article/russian-bitcoin-exchange-chief-arrested-in-connection-to-mt-gox-hack/) Mt. Gox
signaled all may not be well in the industry when it came to security. Investors are highly unlikely to ever get their money back
and the former CEO, Mark Karpeles, faces charges of embezzlement.


Since then, cryptocurrency interest has increased, but so have the security issues surrounding investment.


2017 was an interesting year for the industry, with hacks, vulnerabilities, and data breaches a constant theme. 

January was a quiet month as we all recovered from the holiday season, but in February, programmers were left
shamefaced after a simple typing error caused the loss of Zcoins worth $585,000 at the time.

According to Zcoin (https://thehackernews.com/2017/02/zcoin-zerocoin-typo.html), a "typographical error on a single
additional character" in the Zerocoin source code allowed an attacker to generate additional Zcoins during a
single transaction, leading to the theft of roughly 370,000 Zcoins.

Little of note took place in March, but in April, OneCoin representatives were in the middle of a sales pitch related
to cryptocurrency when law enforcement raided the company
(https://timesofindia.indiatimes.com/city/navi-mumbai/e-currency-racket-rs-ig-crore-seized-from-bank-a/cs-in-delhi-raj/articleshow/5838807i.cms),
jailing 18 employees and freezing roughly $2 million in investor funds.

Local Delhi police said the company only accepted cash for cryptocurrency and did not issue receipts in order to
cover its tracks, therefore suggesting the entire scheme was a scam. (However, this is not to be confused with the
China-based Xunlei's OneCoin
(https://qz.com/1152564/the-hottest-cryptocurrency-in-china-isnt-bitcoin-its-onecoin-make-that-lianke-by-xunlei-xnet/).)

Little of note happened in May, but in June, the US Securities and Exchange Commission (SEC) won a court case
(http://www.zdnet.com/article/bitcoin-scam-firms-slammed-with-12-million-penalty/) against the now-defunct GAW Miners and
Zen Miners, both of which were accused of running Bitcoin Ponzi schemes which defrauded investors with "the
lure of quick riches from virtual currency."
argeted for investor funds and cyberattackers running amok.

hackers used a disarmingly simple tactic to capitalize on investor enthusiasm and steal roughly $7.4 million 
i-in-ethereum-during-coindash-ico-launch/) in Ethereum (ETH). 

sed the CoinDash website and simply changed a wallet address intended for investors during the ICO to a 


llized what had occurred, but the damage was done. 


Just a week after, Veritaseum's ICO met a similar fate (https://www.coindesk.com/veritaseum-founder-claims-8-million-ico-token-stolen/). In total, 36,000 VERI tokens
were stolen by hackers during the event, worth nearly $8 million at the time. The tokens, however, belonged to the company and not investors.

South Korean exchange Bithumb, the fourth largest exchange worldwide, also became a victim in July as thieves managed to steal a database of user
information (https://thehackernews.com/2017/07/bitcoin-ethereum-cryptocurrency-exchange.html) from an employee's personal PC to compromise user accounts,
resulting in the theft of information and Bitcoin worth billions of won.

In the same month, the Parity wallet was compromised by an attacker who slinked away with over $30 million
(http://www.zdnet.com/article/hackers-strike-ethereum-again-slink-away-with-over-30-million/) in Ethereum.


At least three wallets were compromised through the exploit of a vulnerability in the wallet, with Edgeless Casino, Aeternity, and Swarm City named as 
victims. 


To prevent more wallets being drained, white hats took charge and drained user wallets themselves to hold them until the bug was fixed. 

In August, hackers used a simple trick to swindle investors on the Ethereum platform Enigma. 

As the marketplace was gearing up for its ICO, potential traders were sent "very convincing" emails announcing a "pre-sale" of tokens and inviting them 
to participate. 

While some users recognized the emails as a scam, others did not, parting with close to $500,000 in Ethereum
(http://www.zdnet.com/article/enigma-ethereum-marketplace-hijacked-by-attackers/). It appears that the user details were gained
through the compromise of the Enigma Slack channel and email lists.


In September, the US Commodity Futures Trading Commission (CFTC) filed a court case (http://www.cftc.gov/PressRoom/PressReleases/pr7614-17) against
Nicholas Gelfman and Gelfman Blueprint, alleging that the company scammed roughly 80 investors out of $600,000 through a Ponzi scheme.


The victims were reportedly actually involved in an exit scheme and were told the "Jigsaw" trading platform had been hacked. 


D, by outlawing ICOs (http://www.zdnet.com/articLe/south-korea-bans-digitaL-currency-offerings/) due to the risk of 
br, a start-up used to exchange cryptocurrency backed by traditional cash. The company revealed

hat cybercriminals managed to compromise its treasury wallet and steal $30,950,010 USDT — a token linked 

;ens to an unauthorized wallet. 

:o recover the lost funds. 

irrency space. An Ethereum user, poking around the Parity wallet — used to store and trade Ethereum — 

ty (http://www.zdnet.com/articLe/ethereum-user-accidentaUy-expLoits-major-vuLnerabiLity-Locks-waUets/) hidden within the 


library of the standard multi-sig contract. 


The user was able to make himself an owner of a contract and at the same time wiped out a critical element of library code which locked other users 
out of their wallets. 


The actions of the user resulted in $160 million in funds being frozen. 

A solution is yet to be found (http://www.zdnet.com/article/parity-shakes-up-wallet-audits-but-funds-remain-frozen/), although a hard fork
(https://www.coindesk.com/parity-proposes-hard-fork-to-reclaim-frozen-160-million/) has been proposed as a potential solution.

While companies grappled with the aftermath of theft and data breaches, a 47-year-old pastor in New Jersey was sentenced to over five years
(https://www.ethnews.com/prison-for-pastor-trevon-gross-in-coin-mx-case) in prison for accepting bribes through the unlicensed, illegal Coin.mx Bitcoin exchange
through his community church.

It may be the season for holiday cheer, but few NiceHash users are going to have a good season. In December, the company admitted
(http://www.zdnet.com/article/bitcoin-exchange-nicehash-hacked-70m-lost/) that $68 million in investor funds had been stolen from the NiceHash wallet, resulting
in suspended operations. The full extent of the breach is still not yet known.

The SEC took on another cryptocurrency outfit in the same month (http://www.zdnet.com/article/sec-cyber-unit-files-charges-over-ico-fraud/), filing charges against
PlexCorps for allegedly conducting ICO fraud. The company raised up to $15 million by promising investors a 13-fold profit within weeks.



Data breaches and successful hacks are not the only concerns in the cryptocurrency industry, however, with some threat actors embracing new 
variants of malware to steal user funds and compromise wallets. 

While reports suggest (https://qz.com/mo419/north-korea-may-be-using-malware-to-secretly-mine-ethereum-monero-or-zcash/) North Korea is secretly using malware
to enslave PCs for the purposes of cryptocurrency mining, the concept was also brought closer to home this year.

Users of The Pirate Bay reported CPU problems (http://www.zdnet.com/article/500-million-pcs-are-being-used-for-stealth-cryptocurrency-mining-online/) in October
when visiting the torrent search website, which was later revealed to be due to a Monero mining pilot, implemented without user consent.


Cloudflare is now blocking websites which use such software without user permission, and while lending CPU power in return for ad-free browsing 
may be a possible future, consent is key. 
Video: Looking back on 2017


Thought you caught everything in security this year? There was a lot to unpack. Here are ten things we learned this year that you might have missed.

1. APPS CAN USE ULTRASONIC SOUNDS TO TRACK WHERE ITS USERS GO (http://www.zdnet.com/article/hundreds-of-apps-are-using-ultrasonic-sounds-to-track-your-ad-habits/)

These near-silent tones can't be picked up by the human ear, but there are apps in your phone that are always
listening for them — and can be used to build up a profile about what you've seen, where, and in some cases even
the websites you've visited.

2. FACEBOOK CAN MATCH YOU WITH RELATIVES YOU DIDN'T EVEN KNOW YOU HAD (http://gizmodo.com/facebook-figured-out-my-family-secrets-and-it-wont-tel-1797696163)

A Gizmodo reporter discovered that Facebook had suggested a long-lost relative
(http://gizmodo.com/facebook-figured-out-my-family-secrets-and-it-wont-tel-1797696163) through "People You May Know," a secret algorithmic feature on the site
-- even though they'd had no friends in common or an obvious connection of any kind. The social media giant
wouldn't say how it put the two relatives together. File under "extremely creepy."

3. RANSOMWARE CAN STILL RUN ON WINDOWS 10 VERSIONS PROTECTED FROM RANSOMWARE (http://www.zdnet.com/article/microsoft-no-known-ransomware-windows-we-tried-to-hack-it/)

Microsoft said "no known ransomware" works on Windows 10 S, a locked down version that only allows apps
through the Windows app store. We wanted to see if such a bold claim could hold up. (It didn't
(http://www.zdnet.com/article/microsoft-no-known-ransomware-windows-we-tried-to-hack-it/).)

4. APPLE HIDES JOB POSTINGS ON SECRET SERVERS (http://www.zdnet.com/article/how-we-found-that-hidden-apple-job-posting/)

Apple hid a secret job posting on a public-facing but hidden iCloud server (http://www.zdnet.com/article/how-we-found-that-hidden-apple-job-posting/) earlier this
year calling for "a talented engineer to develop a critical infrastructure component that is to be a key part of the Apple ecosystem." Other companies
also hide job postings in their website's source code and other unconventional places in an effort to try to appeal to the brightest and sharpest minds.

5. YOU CAN GET SUBPOENAED BY SIMPLY BEING MENTIONED IN A TWEET (https://www.techdirt.com/articles/20171025/11290738482/dojs-bizarre-subpoena-over-emoji-highlights-ridiculous-vendetta-against-security-researcher.shtml)

Five people, including a respected data breach reporter (https://twitter.com/pogowasright) and renowned lawyer and blogger (https://twitter.com/Popehat), were
subpoenaed by the Justice Dept. for simply being named in a tweet
(https://www.techdirt.com/articles/20171023/18275838465/doj-subpoenas-twitter-about-popehat-dissent-doe-others-over-smiley-emoji-tweet.shtml).
Prosecutors wanted a ton of information, including names, postal and IP addresses, and more in relation to a
case that critics called a "vendetta"
(https://www.techdirt.com/articles/20171025/11290738482/dojs-bizarre-subpoena-over-emoji-highlights-ridiculous-vendetta-against-security-researcher.shtml)
against a security researcher.
6. MASS SURVEILLANCE MAY NOT ACTUALLY WORK (http://www.zdnet.com/article/un-privacy-rapporteur-says-little-or-no-evidence-that-surveillance-laws-work/)


That's according to the United Nations' special rapporteur on privacy, who earlier this year
(http://www.zdnet.com/article/un-privacy-rapporteur-says-little-or-no-evidence-that-surveillance-laws-work/) lambasted a spate of new surveillance laws
across Europe and the US, saying there is "little to no evidence" that the
mass monitoring of communication prevents terrorism.

7. NSA'S SPY PROGRAMS WON'T SWITCH OFF WHEN US' SPY LAW EXPIRES (https://www.nytimes.com/2017/12/06/us/politics/warrantless-surveillance-legislation-section-702.html?_r=0)

A key law that allows the NSA to spy on foreigners overseas (and many Americans
(http://www.zdnet.com/article/us-violated-spy-laws-hundreds-of-times-in-the-past-decade/)) will expire at midnight on December 31, but because of how
the surveillance programs are authorized, the legal power will roll over until
about April (https://www.nytimes.com/2017/12/06/us/politics/warrantless-surveillance-legislation-section-702.html?_r=0). That gives Congress a few more months to sign
a bill to reform or reauthorize (http://www.zdnet.com/article/congress-mulls-nsa-surveillance-reform-the-good-bad-and-ugly-options/) the nation's spy laws for the first
time since the Edward Snowden disclosures.

8. DELETING YOUR YAHOO EMAIL ACCOUNT CAN BE SURPRISINGLY DIFFICULT (http://www.zdnet.com/article/yahoo-not-deleting-email-accounts-say-users/)

After the massive 500 million account breach at Yahoo (the first of many — the number went up
(http://www.zdnet.com/article/yahoo-hacked-again-more-than-one-billion-accounts-stolen/) and up again
(http://www.zdnet.com/article/yahoo-believes-3-billion-affected-by-2013-hack/)), some chose to delete their account for good.
The process itself may be easy, but many found that their accounts would persist (http://www.zdnet.com/article/yahoo-not-deleting-email-accounts-say-users/) and
wouldn't get wiped.

9. TRUMP USED AN UNSECURED ANDROID PHONE FOR MONTHS INTO HIS PRESIDENCY (http://www.zdnet.com/article/for-national-security-trump-trades-in-phone-for-secret-service-approved-device/)

Even after President Trump took office, he was reportedly still using his old Galaxy S3 phone
(https://www.theverge.com/2017/1/25/14386524/trump-unsecure-android-phone-report) to tweet and take calls. The phone was out-of-date and didn't have
the latest patches, unlike newer phones, causing a significant
security risk to the commander-in-chief. One report said an attacker gaining access
(http://www.buzzfeed.com/josephbernstein/donald-trumps-twitter-account-is-a-security-disaster-waiting) to Trump's phone — and his Twitter account — could be
a "security disaster waiting to happen." He has since been given a more secure
smartphone (http://www.zdnet.com/article/for-national-security-trump-trades-in-phone-for-secret-service-approved-device/).

10. NOBODY SEEMS TO KNOW WHAT RUDY GIULIANI'S CYBERSECURITY FIRM ACTUALLY DOES (http://www.zdnet.com/article/nobody-seems-to-know-what-rudy-giulianis-cybersecurity-company-actually-does/)

The former New York mayor has been advising Trump's administration on cybersecurity, largely in part due to owning his own private cybersecurity
company. But nobody seems to know exactly what his company does, and the mystery remains. What isn't a secret is how horribly insecure his
company's website is (https://gizmodo.com/the-website-of-donald-trumps-top-cyber-security-advisor-1791145791). Not a good look.
Zack Whittaker can be reached securely on Signal and WhatsApp at 646-755-8849, and his PGP fingerprint for email is: 4D0E 92F2 E36A EC51 DAAE 
5D97 CB8C 15FA EB6C EEA5. 